Answered: [Security threat] tags are not sanitized in extra question field
Post date: 2020-07-01 00:44:51
Views: 266

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.
Please click Here to read the full story.
 
Other Top and Latest Questions:
Trump says China and Taiwan should 'both cool it'
Russia's Putin to meet China's Xi in Beijing from May 19-20, Beijing and Moscow say
Trump touted Palantir on Truth Social after buying the company's stock, records show
Are there any good free VPNs?
What is this week's meal prep? Please share a recipe
A Man on the Inside: Family Weekend 9
Top Chef: Hook, Line & Dinner
Good Omens: The Finale
Kevin Warsh comes into the Fed facing a big 'family fight' over cutting interest rates
Why Taiwan became the defining issue in the Trump-Xi talks